Full Disclosure mailing list archives

AW: What to do with bot networks


From: "Robert Marquardt" <email () robert-marquardt com>
Date: Fri, 3 Dec 2004 22:23:46 +0100

I fully agree Paul.

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Paul Schmehl
Sent: Friday, 3 December 2004 19:52
To: Conor Sibley; full-disclosure () lists netsys com
Subject: Re: [Full-Disclosure] What to do with bot networks

--On Friday, December 03, 2004 12:27:20 PM -0500 Conor Sibley 
<csibley () gmail com> wrote:

-Do I disable the network
This is a huge network that is likely used for DDOSing.  If you've
ever been DOSed... it sux.

-Do I report to ISP or authorities
The ISP is in an eastern European country and I don't know if the
local authorities would do anything let alone care.

-Do I do nothing
This option sucks but it sure is the easiest

The answer to this question is inversely proportional to the amount of time 
you have to screw with it.

case "$1" in
  no_time)
    OPTION=3
  ;;
  some_time)
    OPTION=1
  ;;
  lots_of_time)
    OPTION=2
  ;;
  *)
    echo $"Usage: $0 {no_time|some_time|lots_of_time}"
    exit 1
esac

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
